The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free below; they are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1171
Question
Which of the following is an effective method for controlling downloading of files via FTP?
A. An application-layer gateway, or proxy firewall, but not stateful inspection firewalls
B. An application-layer gateway, or proxy firewall
C. A circuit-level gateway
D. A first-generation packet-filtering firewall
Answer
B. An application-layer gateway, or proxy firewall
Explanation
Application-layer gateways, or proxy firewalls, are an effective method for controlling downloading of files via FTP. Because FTP is an OSI application-layer protocol, the most effective firewall needs to be capable of inspecting through the application layer.
CISA Question 1172
Question
Which of the following BEST characterizes a mantrap or deadman door, which is used as a deterrent control for the vulnerability of piggybacking?
A. A monitored double-doorway entry system
B. A monitored turnstile entry system
C. A monitored doorway entry system
D. A one-way door that does not allow exit after entry
Answer
A. A monitored double-doorway entry system
Explanation
A monitored double-doorway entry system, also referred to as a mantrap or deadman door, is used as a deterrent control against the vulnerability of piggybacking.
CISA Question 1173
Question
Which of the following is often used as a detection and deterrent control against Internet attacks?
A. Honeypots
B. CCTV
C. VPN
D. VLAN
Answer
A. Honeypots
Explanation
Honeypots are often used as a detection and deterrent control against Internet attacks.
CISA Question 1174
Question
What are often the primary safeguards for systems software and data?
A. Administrative access controls
B. Logical access controls
C. Physical access controls
D. Detective access controls
Answer
B. Logical access controls
Explanation
Logical access controls are often the primary safeguards for systems software and data.
CISA Question 1175
Question
Which of the following would provide the highest degree of server access control?
A. A mantrap-monitored entryway to the server room
B. Host-based intrusion detection combined with CCTV
C. Network-based intrusion detection
D. A fingerprint scanner facilitating biometric access control
Answer
D. A fingerprint scanner facilitating biometric access control
Explanation
A fingerprint scanner facilitating biometric access control can provide a very high degree of server access control.
CISA Question 1176
Question
Regarding digital signature implementation, which of the following answers is correct?
A. A digital signature is created by the sender to prove message integrity by encrypting the message with the sender’s private key. Upon receiving the data, the recipient can decrypt the data using the sender’s public key.
B. A digital signature is created by the sender to prove message integrity by encrypting the message with the recipient’s public key. Upon receiving the data, the recipient can decrypt the data using the recipient’s public key.
C. A digital signature is created by the sender to prove message integrity by initially using a hashing algorithm to produce a hash value or message digest from the entire message contents. Upon receiving the data, the recipient can independently create it.
D. A digital signature is created by the sender to prove message integrity by encrypting the message with the sender’s public key. Upon receiving the data, the recipient can decrypt the data using the recipient’s private key.
Answer
C. A digital signature is created by the sender to prove message integrity by initially using a hashing algorithm to produce a hash value or message digest from the entire message contents. Upon receiving the data, the recipient can independently create it.
Explanation
A digital signature is created by the sender to prove message integrity by initially using a hashing algorithm to produce a hash value, or message digest, from the entire message contents. Upon receiving the data, the recipient can independently create its own message digest from the data for comparison and data integrity validation. Public and private keys are used to enforce confidentiality; hashing algorithms are used to enforce integrity.
CISA Question 1177
Question
Which of the following do digital signatures provide?
A. Authentication and integrity of data
B. Authentication and confidentiality of data
C. Confidentiality and integrity of data
D. Authentication and availability of data
Answer
A. Authentication and integrity of data
Explanation
The primary purpose of digital signatures is to provide authentication and integrity of data.
CISA Question 1178
Question
What does PKI use to provide some of the strongest overall control over data confidentiality, reliability, and integrity for Internet transactions?
A. A combination of public-key cryptography and digital certificates and two-factor authentication
B. A combination of public-key cryptography and two-factor authentication
C. A combination of public-key cryptography and digital certificates
D. A combination of digital certificates and two-factor authentication
Answer
C. A combination of public-key cryptography and digital certificates
Explanation
PKI uses a combination of public-key cryptography and digital certificates to provide some of the strongest overall control over data confidentiality, reliability, and integrity for Internet transactions.
CISA Question 1179
Question
Which of the following is a guiding best practice for implementing logical access controls?
A. Implementing the Biba Integrity Model
B. Access is granted on a least-privilege basis, per the organization’s data owners
C. Implementing the Take-Grant access control model
D. Classifying data according to the subject’s requirements
Answer
B. Access is granted on a least-privilege basis, per the organization’s data owners
Explanation
Logical access controls should be reviewed to ensure that access is granted on a least-privilege basis, per the organization’s data owners.
CISA Question 1180
Question
Which of the following is a good control for protecting confidential data residing on a PC?
A. Personal firewall
B. File encapsulation
C. File encryption
D. Host-based intrusion detection
Answer
C. File encryption
Explanation
File encryption is a good control for protecting confidential data residing on a PC.